[20090601] - Core - com_users XSS A XSS vulnerability exists in the user view of com_users in the administrator panel. [20090602] - Core - ja_purity XSS A XSS vulnerability exists in the JA_Purity template which ships with Joomla! 1.5. [20090603] - Core - Frontend XSS Some values were output from the database without being properly escaped. Most strings in question were sourced from the administrator panel. [20090604] - Core - Frontend XSS - HTTP_REFERER not properly filtered An attacker can inject JavaScript or DHTML code that will be executed in the context of targeted user browser, allowing the attacker to steal cookies. HTTP_REFERER variable is not properly parsed. [20090605] - Core - Frontend XSS - PHP_SELF not properly filtered An attacker can inject JavaScript code in a URL that will be executed in the context of targeted user browser. [20090606] - Core - Missing JEXEC Check Some files were missing the check for JEXEC. These scripts will then expose internal path information of the host.
Bumped.
CVE-2011-4911 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4911): Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors. CVE-2011-4910 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4910): Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. CVE-2011-4909 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4909): Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.php, or (4) templates/beez/html/com_content/article/form.php.